When reviewing incidents on the Symantec Endpoint Detection and Response (SEDR) appliance, it is noted that a new incident is created that contains events from the same date and time as those in a previously closed incident. The incident continues to get generated even though the incident is repeatedly closed.
A SEP client policy has become corrupted.
Update the SEP client policy for the client(s) in question.
For details, see the following topic in the SEP Installation and Administration Guide::